crypto: dh - SP800-56A rev 3 local public key validation

After the generation of a local public key, SP800-56A rev 3 section
5.6.2.1.3 mandates a validation of that key with a full validation
compliant to section 5.6.2.3.1.

Only if the full validation passes, the key is allowed to be used.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/dh.c b/crypto/dh.c
index f84fd50..cd4f320 100644 (file)
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -180,32 +180,41 @@ static int dh_compute_value(struct kpp_request *req)
        if (ret)
                goto err_free_base;
 
-       /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
-       if (fips_enabled && req->src) {
-               MPI pone;
-
-               /* z <= 1 */
-               if (mpi_cmp_ui(val, 1) < 1) {
-                       ret = -EBADMSG;
-                       goto err_free_base;
-               }
-
-               /* z == p - 1 */
-               pone = mpi_alloc(0);
-
-               if (!pone) {
-                       ret = -ENOMEM;
-                       goto err_free_base;
+       if (fips_enabled) {
+               /* SP800-56A rev3 5.7.1.1 check: Validation of shared secret */
+               if (req->src) {
+                       MPI pone;
+
+                       /* z <= 1 */
+                       if (mpi_cmp_ui(val, 1) < 1) {
+                               ret = -EBADMSG;
+                               goto err_free_base;
+                       }
+
+                       /* z == p - 1 */
+                       pone = mpi_alloc(0);
+
+                       if (!pone) {
+                               ret = -ENOMEM;
+                               goto err_free_base;
+                       }
+
+                       ret = mpi_sub_ui(pone, ctx->p, 1);
+                       if (!ret && !mpi_cmp(pone, val))
+                               ret = -EBADMSG;
+
+                       mpi_free(pone);
+
+                       if (ret)
+                               goto err_free_base;
+
+               /* SP800-56A rev 3 5.6.2.1.3 key check */
+               } else {
+                       if (dh_is_pubkey_valid(ctx, val)) {
+                               ret = -EAGAIN;
+                               goto err_free_val;
+                       }
                }
-
-               ret = mpi_sub_ui(pone, ctx->p, 1);
-               if (!ret && !mpi_cmp(pone, val))
-                       ret = -EBADMSG;
-
-               mpi_free(pone);
-
-               if (ret)
-                       goto err_free_base;
        }
 
        ret = mpi_write_to_sgl(val, req->dst, req->dst_len, &sign);